Archive for November, 2004

110179622958188138

Posted in Uncategorized on Tuesday, November 30, 2004 by Yatta

Well, I redid the system…… it's still the same shit!!! 😦


110174325702697936

Posted in Uncategorized on Monday, November 29, 2004 by Yatta

It's another day.. another headache…. I'm going to reinstall SuSE 9.2 on my machine and start from scratch. First I'll deal with dnsmasq…. so I can get DHCP and DNS working properly on the machine. THEN I'll tackle the LDAP-Samba-PDC issue.

110160872226600943

Posted in Uncategorized on Saturday, November 27, 2004 by Yatta

Well, never did too much today… OK, I never did ANYTHING. I was hoping I could leave it alone, come back to it and it would work… NOPE!! Still have problems. I tried to view/logon from a Windows machine, no luck 😦
So I'm looking at my smb.conf again…. MAN, the IDEALX script left out a BUNCH of shit… I see why I'm not seeing shit on my Windows box. There we go.. once I added to my smb.conf:

domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
security = user
encrypt passwords = Yes

I was able to get a logon screen… but alas, all was not well.
I need to make the startup.bat file.
I created a Samba user account, sambaSamAccount (for use under Unix and Samba):
smbldap-useradd -amc "Wadup Sir" tester

That still never worked…. I messed around with some other things but was too lazy to document it.. but the good thing is when I'm through with it all… I'll have ALL the configs that I need… TRUST me, I will keep them in a well guarded area 🙂

But I'm still poking around at it, so wish me luck 😀

110160835342151604

Posted in Uncategorized on Friday, November 26, 2004 by Yatta

I made an LDIF directory to keep all my LDIF files… not that I really intend on making a lot of them. I added rootbinddn cn=nssldap,ou=DSA,dc=enigmatic,dc=corner to my /etc/ldap.conf. I'll admit I just added it because that was how they had it in the HOWTO… sue me. What I'm about to add are security accounts for Samba and Linux. So I then went and made a smbldap-dsa.ldif with those aforementioned accounts.

eve:~ # ldapadd -x -h localhost -D "cn=Manager,dc=enigmatic,dc=corner" -f LDIF/smbldap-dsa.ldif -W
Enter LDAP Password:
adding new entry "ou=DSA,dc=enigmatic,dc=corner"
adding new entry "cn=samba,ou=DSA,dc=enigmatic,dc=corner"
adding new entry "cn=nssldap,ou=DSA,dc=enigmatic,dc=corner"
adding new entry "cn=smbldap-tools,ou=DSA,dc=enigmatic,dc=corner"

I then set the default password for those accounts:

● the Samba security account, using 'sambasecretpwd' password:
ldappasswd -x -h localhost -D "cn=Manager,dc=enigmatic,dc=corner" -s sambasecretpwd -W cn=samba,ou=DSA,dc=enigmatic,dc=corner

● the Linux (nss_ldap) security account, using 'nssldapsecretpwd' password:
ldappasswd -x -h localhost -D "cn=Manager,dc=suse,dc=cac" -s nssldapsecret -W cn=nssldap,ou=DSA,dc=enigmatic,dc=corner

Not sure what is going on here, BUT that last command is not working:
Result: Internal (implementation specific) error (80)
Additional info: unable to retrieve SASL username
eve:~ #

I'll just leave it for now since I don't even know what a SASL username is. Let's just say that I checked my LDAP and the nssldap entry is in there. :-/
All of those commands are on one line. I had to go back and check something because something just never looked right. Upon some more reading I decided to create /etc/ldap.secret with a chmod 600. In that file I put the password for the Linux (nss_ldap) security account.
Almost forgot, I also added this:
● the smbldap-tools security account, using 'smbldapsecretpwd' password:
ldappasswd -x -h localhost -D "cn=Manager,dc=enigmatic,dc=corner" -s smbldapsecret -W cn=smbldap-tools,ou=DSA,dc=enigmatic,dc=corner

As we proceed: for some reason I had to copy smbldap_tools.pm over to /usr/local/sbin, otherwise I would get some funky error. After that I then defined the 'Administrator' user's password:
eve:~ # smbldap-passwd Administrator
Changing password for Administrator
New password : ****** (secret)
Retype new password :

Any user placed in the “Domain Admins” group will be granted Windows admin rights for the domain, but only the Administrator account is allowed to join computers to the domain.

Well, according to the HOWTO I'm ready to test my system.. YIPPPEEEEE!!!! (I hope)
Umm….. it worked BUT not completely: adding the user and the user password worked fine with no problems (which I must say is a FIRST). But when I try to log in to the machine via ssh, no luck. So I think the passdb backend has come back to haunt me.

Hey it’s about that time for me to hit the sack so later peeps.

110160822550788924

Posted in Uncategorized on Wednesday, November 24, 2004 by Yatta

OK, how many times have I tried Samba/LDAP PDC??? I've lost count. The frigged-up part of the whole thing is that EVERY time I try it, some problem I had before is fixed BUT a new one arises?!?! After a while the shit gets tiring.. trust me.
Over the next few days I'll post the stuff I've done to try and get this working.
I edited three files initially:
/etc/openldap/slapd.conf (added the NIS and samba schema)
/etc/ldap.conf and
/etc/nsswitch.conf

I'll probably post later what exactly I did to those files. To get NSS working I also edited:
/etc/pam.d/login
/etc/pam.d/passwd
/etc/pam.d/samba
/etc/pam.d/ssh

That went cool, or so I hope, fingers crossed. It was time to install IDEALX's smbldap-tools. This is usually where I find out that I have something wrong. I edited the smbldap_bind.conf, tried to run smbldap-populate and received:

Can't locate IO/Socket/SSL.pm in @INC (@INC contains: /usr/local/sbin/ /usr/lib/perl5/5.8.5/i586-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl .) at /usr/lib/perl5/vendor_perl/5.8.5/Net/LDAP.pm line 919

After receiving that I went into YaST and installed:
perl-IO-Socket-SSL
perl-ldap-SSL
and a bunch of other Perl stuff.

When all of those were finished I tried again:
eve:~/source/smbldap-tools-0.8.5 # smbldap-populate
Using builtin directory structure
adding new entry: dc=idealx,dc=org
Can't call method "code" without a package or object reference at /usr/local/sbin/smbldap-populate line 388, line 2

Now, seeing that, I can tell something is wrong….. I should not be seeing
adding new entry: dc=idealx,dc=org

AHHH…. I believe I see where I went wrong. When following the instructions from IDEALX they say I should just run it after I edit the smbldap_bind.conf file. What I should have done IS:

eve:~/source/smbldap-tools-0.8.5 # smbpasswd -w secret
Setting stored password for "" in secrets.tdb
eve:~/source/smbldap-tools-0.8.5 # net getlocalsid
SID for domain EVE is: S-1-5-21-1149220062-2829658090-40929647
eve:~/source/smbldap-tools-0.8.5 #

Whoops, my bad; after going over the IDEALX HOWTO they do say:
Before using this script:
blah blah blah
Make sure to have the right permissions for this directory. The sticky bit must be set. Make a simple chmod 1777 /home/samba/profiles and it will be ok.

mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
chmod 1777 /home/samba/profiles
When I edited my smb.conf to:

# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE
# Date: 2004-10-05
[global]
workgroup = SUSE-CAC
netbios name= PDC-SRV
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
printer admin = @ntadmin, root, administrator
username map = /etc/samba/smbusers
map to guest = Bad User
logon script = startup.bat
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
ldap passwd sync = Yes
# SAMBA-LDAP declarations
# passdb backend = ldapsam:ldap://127.0.0.1/
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=Manager,dc=suse,dc=cac
ldap suffix = dc=suse,dc=cac
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = start_tls

add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
------- snip -------

I ran testparm and everything was okay. Then I tried net getlocalsid and ended up with this error:
[2004/11/24 20:33:50, 0] lib/smbldap.c:smbldap_open_connection(623)
Failed to issue the StartTLS instruction: Connect error

From past experience I knew it was my passdb backend that was incorrect, so I just commented it out and went on.
The configuration continues with /etc/smbldap-tools/smbldap.conf; I just put in the SID I got from net getlocalsid and headed over to # LDAP Suffix.
These are the changes I made in that file:
------- snip -------
SID="S-1-5-21-4291422351-1008801872-4097645076"
------- snip -------
# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=suse,dc=cac"
------- snip -------
# directive and/or disable roaming profiles
userSmbHome="\\PDC-SRV\homes\%U"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
mailDomain="suse.cac"
------- snip -------
mk_ntpasswd="/usr/sbin/mkntpwd"

# The End

Once again I tried the smbldap-populate script and got an error message 😦.
eve:~/source/smbldap-tools-0.8.5 # smbldap-populate
Using builtin directory structure
adding new entry: dc=suse,dc=cac
Can't call method "code" without a package or object reference at /usr/local/sbin/smbldap-populate line 388, line 2.

Answer: check the TLS configuration
● if you don't want to use TLS support, set the /etc/smbldap-tools/smbldap.conf file with
ldapTLS="0"
and of course the opposite if you want to use it.

Voila!!! It worked!!!!!!!!!

It Worked and it is time for bed!!!!!
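An added check, not from this blog or from the IDEALX tools: a small Python lint over the [global] section of smb.conf that flags the things these posts tripped over, namely a commented-out passdb backend (which makes Samba fall back to its default backend instead of LDAP), a duplicated add machine script, an ldap admin dn outside the ldap suffix, and smb.conf asking for StartTLS while smbldap.conf has ldapTLS="0". The sample config is constructed from the smb.conf above, trimmed; the REQUIRED tuple is my own assumption of the minimum for an ldapsam-backed Samba 3 PDC.

```python
import re

# Constructed sample: the [global] section from the post, trimmed, with
# "passdb backend" commented out exactly as the post left it.
SAMPLE_SMB_CONF = """\
[global]
domain logons = Yes
security = user
encrypt passwords = Yes
# passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=suse,dc=cac
ldap suffix = dc=suse,dc=cac
ldap ssl = start_tls
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
"""
# Settings a Samba 3 PDC backed by ldapsam cannot do without (assumption).
REQUIRED = ("domain logons", "security", "encrypt passwords",
            "passdb backend", "ldap admin dn", "ldap suffix")

def parse_global(text):
    """Return (settings, duplicate_keys, commented_out) for [global]."""
    settings, dups, commented, in_global = {}, [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_global = line.lower() == "[global]"
        elif in_global and "=" in line:
            key, val = (s.strip() for s in line.lstrip("#;").split("=", 1))
            key = re.sub(r"\s+", " ", key.lower())   # normalise like testparm
            if line[0] in "#;":
                commented[key] = val
            elif key in settings:
                dups.append(key)   # Samba silently keeps the last value
            else:
                settings[key] = val
    return settings, dups, commented

def lint_pdc(text, smbldap_tls=None):
    """smbldap_tls is ldapTLS ("0"/"1") from smbldap.conf, if known."""
    s, dups, commented = parse_global(text)
    problems = [f"'{k}' missing" + (" (commented out)" if k in commented else "")
                for k in REQUIRED if k not in s]
    problems += [f"'{k}' set twice; the last value wins" for k in dups]
    admin_dn, suffix = s.get("ldap admin dn", ""), s.get("ldap suffix", "")
    if suffix and not admin_dn.lower().endswith(suffix.lower()):
        problems.append("'ldap admin dn' is not under 'ldap suffix'")
    if s.get("ldap ssl", "").lower() == "start_tls" and smbldap_tls == "0":
        problems.append('smb.conf wants StartTLS but smbldap.conf has ldapTLS="0"')
    return problems
```

Run lint_pdc(SAMPLE_SMB_CONF, smbldap_tls="0") and it reports all three of the post's problems; with passdb backend uncommented, the duplicate dropped and ldapTLS="1" it reports nothing.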